Jacob, a Security Engineer of the testing team, was inspecting the source code to find security vulnerabilities.
Which type of security assessment activity is Jacob currently performing?
To enable the Struts Validator on an application, which configuration setting should be applied in the Struts Validator configuration file?
The software developer has implemented encryption in the code as shown in the following screenshot.
However, using the DES algorithm for encryption is considered to be an insecure coding practice as DES is a weak encryption algorithm. Which of the following symmetric encryption algorithms will you suggest for strong encryption?
Thomas is not skilled in secure coding. He has neither undergone secure coding training nor is he aware of the consequences of insecure coding. One day, he wrote code as shown in the following screenshot. He passed the 'false' parameter to the setHttpOnly() method, which may result in the existence of a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.